Hyderabad: A 35-year-old businessman lost Rs 1.23 lakh after downloading an APK file to redeem credit card reward points.
According to the police, the victim downloaded the APK file following a fraudulent call, where a person, posing as an executive from IndusInd Bank, asked him to install an app to redeem credit card reward points..
The caller offered to help the victim to redeem credit card reward points and sent a malicious link via WhatsApp. As the link did not open on the victim’s iPhone, the fraudster advised him to remove the SIM card and insert it into an Android device. The victim followed the instructions and downloaded the APK file, which was falsely presented as a bank app.
After entering his credit card details into the fake app, the victim noticed four unauthorised transactions had been processed without OTP verification, amounting to Rs 1.2 lakh. He filed a complaint with the Cybercrime Wing, and a probe was launched.
Authorities issued a public advisory urging users not to share card details, install apps from unverified sources, or switch SIM cards based on such instructions. Victims are advised to immediately block their cards, report to telecom providers if SIM tampering is suspected, and file complaints at cybercrime.gov.in or by dialling 1930.
According to Shaik Sultan, a cybersecurity researcher, “Lately, APK links are being built in a way that diverts calls and messages to the scammers. This case could be similar. As the victim downloaded the link on an Android phone, the OTPs generated were forwarded to the scammer. The victim only realised it when he checked his bank transactions.”
SECURITY TIPS
1. Update software and apps regularly.
2. Avoid installing APKs, even if recommended by parents or family members, as APKs can be modified based on user behaviour.
3. Install the Kavach app, developed by the Government of India and CDAC, to protect against malicious apps and links.
4. Be cautious when downloading PDFs or any unfamiliar files.
5. Use only authorised apps on your device; third-party apps are not recommended.
6. Do not fall for social engineering techniques used by scammers and hackers.
7. Never hand over your phone to unknown individuals, especially to make calls.
